svs
Feb 15, 2017Cirrus
iRule Optimization
Hi Folks,
a customer is using an iRule, which logs full POST requests, including the passwords of a login in cleartext. He asked me to masquerade the password. Unfortunately I didn't found an easy way to do this and therefore written the following snippet of code.
when HTTP_REQUEST {
set data "POST /some_login HTTP/1.1\r\nHost: login.example.com\r\nAccept: */*\r\nContent-length: 65\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nusername=some_user&password=Thi`isMyHig!S%&cu)eP,ssword"
log local0. "Request: $data"
set user_password_match "&password="
set user_password_match_len [string length $user_password_match]
set user_password_pos [expr {[string last $user_password_match $data]+$user_password_match_len}]
set user_password [string range $data $user_password_pos end]
log local0. "User password is: $user_password"
Only necessary to have the same length of asterisk as chars in the origion password
set user_password_list [split $user_password ""]
set user_password_new ""
foreach pwchar $user_password_list {
append user_password_new "*"
}
log local0. "Masked password is: $user_password_new"
set data_new [string map "$user_password $user_password_new" $data]
log local0. "Request (masked): $data_new"
}
Of course the logging is testing purposes during the development. But to be honest, I don't believe that this is the most easiest and efficient way to reach my goal. Does anybody have an idea how to optimize this iRule and make it more efficient?
Thanks in advance.
Greets, svs